-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add workflow and template for cloudrun job (#245)
* initial commit -- add workflow and template for cloudrun job * pass the path to the dockerfile * configure Docker to use the gcloud command-line tool as a credential helper. * secrets are define at the terraform cloudrun job module. https://github.com/CruGlobal/cru-terraform-modules/tree/master/gcp Switching to deploy instead fo create * configure gcloud * fix indentation and add closing bracket * fix Incorrect indentation and missing backticks in the github-script step * add newline
- Loading branch information
1 parent
3b222da
commit e48e726
Showing
4 changed files
with
163 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| name: Build and Deploy Cloud Run Job | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - $default-branch | ||
| - staging | ||
| workflow_call: | ||
| inputs: | ||
| environment: | ||
| type: string | ||
| description: environment to deploy to | ||
| required: true | ||
| job_name: | ||
| description: 'The name of the Cloud Job to deploy' | ||
| type: string | ||
| required: true | ||
| entry_point: | ||
| description: 'The python Job serving as the entry point' | ||
| type: string | ||
| required: true | ||
| runtime: | ||
| description: 'The Job runtime' | ||
| type: string | ||
| required: true | ||
| secrets: | ||
| GCP_PROJECT_ID: | ||
| GCP_PROJECT_NUMBER: | ||
| WORKLOAD_IDENTITY_POOL: | ||
| WORKLOAD_IDENTITY_PROVIDER: | ||
| GCP_SERVICE_ACCOUNT: | ||
| GCP_SERVICE_ACCOUNT_EMAIL: | ||
| GCP_REGION: | ||
|
|
||
| jobs: | ||
| build-and-deploy: | ||
| runs-on: ubuntu-latest | ||
| environment: ${{ inputs.environment }} | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
| pull-requests: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - id: 'auth' | ||
| name: Authenticate to Google Cloud | ||
| uses: google-github-actions/auth@v2 | ||
| env: | ||
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | ||
| GCP_PROJECT_NUMBER: ${{ vars.GCP_PROJECT_NUMBER }} | ||
| WORKLOAD_IDENTITY_POOL: ${{ vars.WORKLOAD_IDENTITY_POOL }} | ||
| WORKLOAD_IDENTITY_PROVIDER: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} | ||
| GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} | ||
| GCP_SERVICE_ACCOUNT_EMAIL: ${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }} | ||
| with: | ||
| project_id: ${{ vars.GCP_PROJECT_ID }} | ||
| workload_identity_provider: 'projects/${{ vars.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/${{ vars.WORKLOAD_IDENTITY_POOL }}/providers/${{ vars.WORKLOAD_IDENTITY_PROVIDER }}' | ||
| service_account: '${{ vars.GCP_SERVICE_ACCOUNT }}@${{ vars.GCP_PROJECT_ID }}.iam.gserviceaccount.com' | ||
|
|
||
| - name: Set up Cloud SDK | ||
| uses: google-github-actions/setup-gcloud@v2 | ||
|
|
||
| - name: Configure Docker to use gcloud as a credential helper | ||
| run: | | ||
| gcloud auth configure-docker us-central1-docker.pkg.dev | ||
| - name: Build Docker image | ||
| run: | | ||
| docker build -t us-central1-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/gcrj-artifacts/${{ inputs.job_name }}:latest ./${{ inputs.job_name }} | ||
| - name: Push Docker image to Google Container Registry | ||
| run: | | ||
| docker push us-central1-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/gcrj-artifacts/${{ inputs.job_name }}:latest | ||
| - name: Deploy Cloud Run Job | ||
| id: deploy | ||
| env: | ||
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | ||
| GCP_SERVICE_ACCOUNT_EMAIL: ${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }} | ||
| GCP_REGION: ${{ vars.GCP_REGION }} | ||
| run: | | ||
| gcloud config set project ${{ vars.GCP_PROJECT_ID }} | ||
| gcloud run jobs deploy ${{ inputs.job_name }} \ | ||
| --region=${{ vars.GCP_REGION }} \ | ||
| --image=us-central1-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/gcrj-artifacts/${{ inputs.job_name }}:latest \ | ||
| --service-account=${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }} | ||
| - uses: actions/github-script@v6 | ||
| if: github.event.pull_request.merged == true | ||
| with: | ||
| script: | | ||
| const output = `#### Cloud Run Job Deploy ⚙️\`${{ steps.deploy.outcome }}\` | ||
| <details><summary>Show Deploy</summary> | ||
| \`\`\`\n | ||
| ${{ steps.deploy.outputs.stdout }} | ||
| \`\`\` | ||
| </details> | ||
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ inputs.job_name }}\`, Workflow: \`${{ github.workflow }}\`*`; | ||
| github.rest.issues.createComment({ | ||
| issue_number: context.issue.number, | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| body: output | ||
| }); |
14 changes: 14 additions & 0 deletions
14
workflow-templates/build-deploy-cloudrun-job.properties.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| { | ||
| "name": "Build and Deploy Cloud Run Job", | ||
| "description": "Deploy a Cloud Job to Google Cloud Run. This workflow requires authentication to Google Cloud.", | ||
| "filePatterns": [ | ||
| "^Dockerfile", | ||
| "^cloudrun-job-config.yml" | ||
| ], | ||
| "inputs": { | ||
| "job_name": { | ||
| "description": "The name of the Cloud Job to deploy", | ||
| "required": true | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| name: Build & Deploy Cloudrun Job POC | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| # Automatically deploy $default-branch. Create a workflow per branch. | ||
| - $default-branch | ||
| paths: | ||
| - 'Path-to-fuction/**' # Update with path to the job | ||
| workflow_dispatch: | ||
| inputs: | ||
| job_name: | ||
| description: 'The name of the Cloud Job to deploy' | ||
| required: true | ||
| default: 'job-name' # Update with job name | ||
| entry_point: | ||
| description: 'The python job serving as the entry point' | ||
| required: true | ||
| default: 'entry_point' # Update with entry point | ||
| runtime: | ||
| description: 'The job runtime' | ||
| required: true | ||
| default: 'runtime' # Update with runtime | ||
|
|
||
| jobs: | ||
| build_and_deploy: | ||
|
|
||
| uses: CruGlobal/.github/.github/workflows/build-deploy-cloudrun-job.yml@v1 | ||
| with: | ||
| job_name: ${{ github.event.inputs.job_name }} | ||
| entry_point: { entry_point } # hello_http | ||
| runtime: { runtime } # python312 | ||
| environment: { environment } # production | ||
| secrets: | ||
| GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }} | ||
| GCP_PROJECT_NUMBER: ${{ vars.GCP_PROJECT_NUMBER }} | ||
| WORKLOAD_IDENTITY_POOL: ${{ vars.WORKLOAD_IDENTITY_POOL }} | ||
| WORKLOAD_IDENTITY_PROVIDER: ${{ vars.WORKLOAD_IDENTITY_PROVIDER }} | ||
| GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} | ||
| GCP_SERVICE_ACCOUNT_EMAIL: ${{ vars.GCP_SERVICE_ACCOUNT_EMAIL }} | ||
| GCP_REGION: ${{ vars.GCP_REGION }} |